4.3
CVE-2010-3774
- EPSS 1.64%
- Veröffentlicht 10.12.2010 19:00:02
- Zuletzt bearbeitet 16.06.2026 23:23:30
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
The NS_SecurityCompareURIs function in netwerk/base/public/nsNetUtil.h in Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, does not properly handle (1) about:neterror and (2) about:certerror pages, which allows remote attackers to spoof the location bar via a crafted web site.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.64% | 0.732 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:N/I:P/A:N
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00002.html
http://secunia.com/advisories/42818
http://support.avaya.com/css/P8/documents/100124650
http://www.mandriva.com/security/advisories?name=MDVSA-2010:251
http://www.vupen.com/english/advisories/2011/0030
http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052022.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052032.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052502.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052504.html
http://secunia.com/advisories/42716
http://www.redhat.com/support/errata/RHSA-2010-0966.html
http://www.ubuntu.com/usn/USN-1019-1
http://www.mozilla.org/security/announce/2010/mfsa2010-83.html
http://www.securitytracker.com/id?1024850
https://bugzilla.mozilla.org/show_bug.cgi?id=602780
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12512